Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882.
The exploit allows attackers to automatically run malicious code without requiring user interaction.
“The CVE-2017-11882 vulnerability was fixed in 2017, but to this day, we still observe the exploit in attacks,” Microsoft Security Intelligence tweeted on Friday. “Notably, we saw increased activity in the past few weeks. We strongly recommend applying security updates.”